Quick and Dirty Baicells eNODEB Mikrotik Rules

If you have a Baicells eNodeB you wish to restrict access to these Mikrotik rules will help. There are some assumptions made. The following rules are meant to be a base for incorporating into your network.

/ip firewall filter
add action=drop chain=forward src-address=10.0.0.2 src-port=443 protocol=tcp \
   dst-address-list=!baicells_cloud
add action=drop chain=forward src-address=10.0.0.2 src-port=8082 protocol=\
   tcp dst-address-list=!baicells_cloud
add action=drop chain=forward src-address=10.0.0.2 src-port=48080 protocol=\
   tcp dst-address-list=!baicells_cloud
add action=drop chain=forward src-address=10.0.0.2 src-port=4500,500 \
   protocol=udp dst-address-list=!baicells_cloud
add action=drop chain=forward src-address=10.0.0.2 dst-port=80,443 \
   protocol=tcp dst-address-list=!WHITELIST


/ip firewall address-list
add address=baiomc.cloudapp.net list=baicells_cloud
add address=baicells-westepc-03.cloudapp.net list=baicells_cloud
add address=baicells-eastepc04.eastus.cloudapp.azure.com list=baicells_cloud
add address=1.2.3.4/24 list=baicells_cloud
add address=1.2.3.4/24 list=WHITELIST

10.0.0.2 is your eNodeB

The 1.2.3.4 above is your management Subnet.

You can tighten these rules up by combining them, or create a new chain. This is quick and easy and anyone can understand. What it does is allows the eNodeb to only communicate with the Baicells cloud and your management network. It also only allows you to access your eNodeB from your management network. These are not a complete ruleset but something to build upon.

Podcast: Baicells and Gen1

A snowy day here in Indiana so time to talk about the story of the week.  Baicells and Gen1 CPE not being CBRS compliant.

-Class actions lawsuits only make the attorneys money and take years
-Talk with distributors and Baicells about options.  Throw out options.  Extended warranties, spend discounts on other products with distributors.
https://www.ritaliafunding.com/

Water tower install with mounting frame

We recently headed up a job for a client of installing some RF elements horns, Cambium ePMP, and Baicells LTE for a client.  One of the gems of this job was the frame the client designed for the job.  We can’t take credit for this. We just think it’s cool. Some of these pictures were taken during construction, thus post clean-up.

The frame is truly an example of how WISPs are stepping up their installs to become more standardized and carrier-grade. It costs some money but is worth it in the end.

 

WISPAMERICA 2017 PHOTOS

This content is for Patreon subscribers of the j2 blog. Please consider becoming a Patreon subscriber for as little as $1 a month. This helps to provide higher quality content, more podcasts, and other goodies on this blog.
To view this content, you must be a member of Justin Wilson's Patreon
Already a qualifying Patreon member? Refresh to access this content.

Baicells Public IPs on client routers

This content is for Patreon subscribers of the j2 blog. Please consider becoming a Patreon subscriber for as little as $1 a month. This helps to provide higher quality content, more podcasts, and other goodies on this blog.
To view this content, you must be a member of Justin Wilson's Patreon at $1 or more
Already a qualifying Patreon member? Refresh to access this content.

Public IP addresses on Baicells clients

This content is for Patreon subscribers of the j2 blog. Please consider becoming a Patreon subscriber for as little as $1 a month. This helps to provide higher quality content, more podcasts, and other goodies on this blog.
This content is available exclusively to members of Justin Wilson's Patreon at "Access to patro..." or higher tier, or having at least $1 pledged in total.
Already a qualifying Patreon member? Refresh to access this content.